The latest high profile data breach, which has impacted more than 73 million former and current AT&T customers, once again indicates that cybersecurity measures taken by some of the world’s largest companies remain insufficient. It is possible that AT&T itself may not be the direct target of the attack, but a vendor with trusted access to the telecom giant’s data trove. Vendors have been utilized as attack vectors against AT&T as recently as least year when nine million clients’ Customer Proprietary Network Information (CPNI) was accessed by threat actors. It is estimated that nearly all organizations have a relationship with a vendor that has experienced a data breach within the last two years.
2023 was a record period for hackers, with more than 3,200 separate exploits of personal information and consumer data recorded by the Identity Theft Resource Center (ITRC). Global cybersecurity spending is estimated to rise more than 14% YoY in 2024, but large enterprises in the telecom, financial, and healthcare sectors have all experienced data breaches in the first quarter alone. This suggests spending may need to rise much more aggressively to keep pace with hackers’ constantly increasing capabilities.
Related ETF: First Trust NASDAQ Cybersecurity ETF (CIBR)
An AT&T breach that compromised the data of about 7.6 million current account holders and 65.4 million former account holders – including customer passcodes and social security numbers – has once again shined a light on lacking security practices at some of the world’s largest companies. Larger companies are typically the custodians of the most valuable troves of data, making them the top target of hackers. Earlier this year, MRP highlighted the risks that firms in the financial sector face and noted that JPMorgan now invests $15 billion per year and employs 62,000 technologists to counter about 45 billion potential attacks monitored on a daily basis.
However, smaller enterprises that likely have smaller budgets when it comes to cybersecurity, but enjoy trusted access to larger companies’ data, can end up being attack vectors for savvy hackers. Data compromised in the AT&T hack has not been confirmed to have been taken directly from the telecom giant, and it may have instead come from a vendor, which would raise questions about how easily accessible customer information can be accessed by more vulnerable third parties. AT&T data has previously been leaked through vendors, as was the case last year when the exploit of a vendor’s system allowed nine million AT&T clients’ Customer Proprietary Network Information (CPNI) to be accessed by threat actors. Per Harvard Busines Review, 98% of organizations have a relationship with a vendor that experienced a data breach within the last two years. Identity Theft Resource Center (ITRC) figures the number of data compromises due to these supply chain attacks jumped 78% YoY in 2023.
Despite Gartner estimating $188 billion was spent globally on cybersecurity in 2023, a figure expected to grow to almost $215 billion in 2024, data breaches continue to become a more common occurrence. Last year was a record period for hackers, racking up 3,205 separate exploits of personal information and consumer data, 72% more than the…
To read the complete Intelligence Briefing, current All-Access clients, SIGN IN All-Access clients receive the full-spectrum of MRP’s research, including daily investment insights and unlimited use of our online research archive. For a free trial of MRP’s All-Access membership, or to save 50% on your first year by signing up now, CLICK HERE
